Information Security Risk Management

Rancho Cordova - Onsite

Description

JOB SUMMARY:

The Manager, Information Systems (IS) Risk Management leads the IS risk management team and is responsible for conducting risk analysis on information systems, platforms, and processes in accordance with established regulations and organizational standards. This position evaluates IT infrastructure and systems in terms of risk to the organization and recommends controls to mitigate loss of data, confidentiality, integrity and availability, while aligning those initiatives to the core organizational mission. The Manager, IS Risk Management recommends and implements improvements to the current risk management framework and controls; the role requires creativity and innovation in conducting a high volume of risk analyses. This position is responsible for recommending actionable and cost-effective risk mitigation strategies while reporting accurate and relevant risks to appropriate stakeholders.

ESSENTIAL DUTIES AND RESPONSIBILITIES:

Supports business functions in evaluating and addressing areas of Information Systems risk, which includes identifying required remediation of systems and applications for certification and audit compliance, conducting IT risk analysis and evaluations on IT assets and processes as they pertain to compliance, evaluating risks associated with the procurement of new IT products/systems, and evaluating risks associated with the use of third-party vendors.

Assists with Risk Management initiatives resulting from risk analysis, which includes proposing solutions to mitigate risks under the established risk management strategies, assisting stakeholders with remediation planning, ensuring identified gaps have been appropriately managed in order to achieve certification and/or compliance, preparing and regularly submitting risk analysis reports, and defining and recommending implementation of key risk indicators.

Guides IS Risk Management oversight, governance and policy and leads the development of internal processes for streamlining risk analysis techniques.

Educates and contributes to risk and security awareness across the organization; reviews compliance regulations and leads updating organizational IT compliance initiatives; responsible for education on IT assets and processes as they pertain to compliance.

Completes RFI/RFP responses and is responsible for accurately and promptly responding to security questions in RFI/RFPs to support the procurement of new customers.

Current CISSP, CISA, CRISC, CISM or other equivalent information security or risk management certification preferred.

Bachelor's Degree in one of the following subject areas: Computer Science, Business Administration, or related field preferred or equivalent relevant work experience

5-8 years work experience in IT with direct experience in legal and compliance related operations required

Minimum three years program, supervisory, or team management experience

Demonstrated understanding of risk management processes as they relate to compliance and legal support desired

Start date: 09/2014
From: Real Staffing
Published at: 29.08.2014
Project ID: 767136
Contract type: Freelance